We are still using loginwiki for some CentralAuth operations, not directly, but via auth.wikimedia.org/loginwiki. loginwiki is fragile due to its nonstandard configuration and inviting that fragility into critical authentication pathways is not great (see e.g. T401843: Logging in on beta metawiki throws `Wikimedia\Services\NoSuchServiceException: No such service: CommunityConfiguration.ProviderFactory`). There were reasons to use that wiki when we still had a fallback to login.wikimedia.org but I don't think there's a reason for it today.
Description
Description
Details
Details
Related Changes in Gerrit:
Related Objects
Related Objects
- Mentioned In
- T403519: Several mwapi (Python) based tools are failing to edit: badtoken: Invalid CSRF token.
T403302: Remove SUL3 fallback domain support for loginwiki - Mentioned Here
- T401843: Logging in on beta metawiki throws `Wikimedia\Services\NoSuchServiceException: No such service: CommunityConfiguration.ProviderFactory`
Event Timeline
Comment Actions
Change #1181766 had a related patch set uploaded (by D3r1ck01; author: Derick Alangi):
[mediawiki/extensions/CentralAuth@master] CentralDomainUtils: Use another wiki for SUL3 domain central instead
Comment Actions
We may need to introduce a configuration that will be used instead of $wgCentralAuthLoginWiki; we were discussing using metawiki. I've seen some instances of such a concept in our production configuration, like
- https://gerrit.wikimedia.org/g/operations/mediawiki-config/+/b968bccf0d268a53775acb8a9b7fa5ea6137d4ee/wmf-config/CommonSettings-labs.php#177
- https://gerrit.wikimedia.org/g/operations/mediawiki-config/+/b968bccf0d268a53775acb8a9b7fa5ea6137d4ee/wmf-config/CommonSettings.php#1657
- https://gerrit.wikimedia.org/g/operations/mediawiki-config/+/b968bccf0d268a53775acb8a9b7fa5ea6137d4ee/wmf-config/CommonSettings.php#2200
- https://gerrit.wikimedia.org/g/operations/mediawiki-config/+/b968bccf0d268a53775acb8a9b7fa5ea6137d4ee/wmf-config/CommonSettings.php#2215
- https://gerrit.wikimedia.org/g/operations/mediawiki-config/+/b968bccf0d268a53775acb8a9b7fa5ea6137d4ee/wmf-config/CommonSettings.php#2221
- https://gerrit.wikimedia.org/g/operations/mediawiki-config/+/b968bccf0d268a53775acb8a9b7fa5ea6137d4ee/wmf-config/CommonSettings.php#2244
- https://gerrit.wikimedia.org/g/operations/mediawiki-config/+/b968bccf0d268a53775acb8a9b7fa5ea6137d4ee/wmf-config/CommonSettings.php#2453
- https://gerrit.wikimedia.org/g/operations/mediawiki-config/+/b968bccf0d268a53775acb8a9b7fa5ea6137d4ee/wmf-config/CommonSettings.php#3049
- https://gerrit.wikimedia.org/g/operations/mediawiki-config/+/b968bccf0d268a53775acb8a9b7fa5ea6137d4ee/wmf-config/CommonSettings.php#3517
- https://gerrit.wikimedia.org/g/operations/mediawiki-config/+/b968bccf0d268a53775acb8a9b7fa5ea6137d4ee/wmf-config/CommonSettings.php#3966
- https://gerrit.wikimedia.org/g/operations/mediawiki-config/+/b968bccf0d268a53775acb8a9b7fa5ea6137d4ee/wmf-config/CommonSettings.php#4222
- https://gerrit.wikimedia.org/g/operations/mediawiki-config/+/b968bccf0d268a53775acb8a9b7fa5ea6137d4ee/wmf-config/CommonSettings.php#4235
So maybe something more general for CentralAuth might help here, and can be reused for other similar purposes within the CA codebase, like: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CentralAuth/+/1176315
Comment Actions
Change #1183216 had a related patch set uploaded (by D3r1ck01; author: Derick Alangi):
[operations/mediawiki-config@master] SUL3: Use `metawiki` as central wiki
Comment Actions
Change #1183216 merged by jenkins-bot:
[operations/mediawiki-config@master] SUL3: Use `metawiki` as central wiki
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2025-09-01T13:03:50Z] <lucaswerkmeister-wmde@deploy1003> Started scap sync-world: Backport for [[gerrit:1183216|SUL3: Use metawiki as central wiki (T402527)]]
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2025-09-01T13:07:42Z] <lucaswerkmeister-wmde@deploy1003> d3r1ck01, lucaswerkmeister-wmde: Backport for [[gerrit:1183216|SUL3: Use metawiki as central wiki (T402527)]] synced to the testservers (see https://wikitech.wikimedia.org/wiki/Mwdebug). Changes can now be verified there.
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2025-09-01T13:13:27Z] <lucaswerkmeister-wmde@deploy1003> Finished scap sync-world: Backport for [[gerrit:1183216|SUL3: Use metawiki as central wiki (T402527)]] (duration: 09m 36s)
Comment Actions
Change #1181766 merged by jenkins-bot:
[mediawiki/extensions/CentralAuth@master] Enable using another wiki for SUL3 central login instead
Comment Actions
Post-deployment testing & monitoring
This seems to be already working on testwiki (checked a few minutes ago). I was able to log in to testwiki successfully and confirm that edge-login works too. Additionally, the checkLoggedIn endpoint is hit with the correct central wiki (when you click the login link).
 |  |  |
Thanks for resolving @matmarex.
Comment Actions
Tested on 2 group1 wikis today (hewiki and metawiki) and everything seems to work as expected.
 |  |
